Remove-AadrmRoleBasedAdministrator

Removes administrative rights from Rights Management.

Syntax

Remove-AadrmRoleBasedAdministrator
      [-ObjectId <Guid>]
      [-Role <Role>]
      [<CommonParameters>]
Remove-AadrmRoleBasedAdministrator
      [-SecurityGroupDisplayName <String>]
      [-Role <Role>]
      [<CommonParameters>]
Remove-AadrmRoleBasedAdministrator
      [-EmailAddress <String>]
      [-Role <Role>]
      [<CommonParameters>]

Description

Note

This cmdlet from the AADRM module is now deprecated. After July 15, 2020, this cmdlet name will be supported only as an alias to its replacement in the AIPService module.

For more information, see the overview page.

The Remove-AadrmRoleBasedAdministrator cmdlet removes administrative rights to your organization's Azure Rights Management service, so that administrators you have previously delegated to configure this service can no longer do so by using PowerShell commands.

You must use PowerShell to configure delegated administrative control for the Azure Rights Management service; you cannot do this configuration by using a management portal.

To see the full list of delegated administrators for the Azure Rights Management service, use Get-AadrmRoleBasedAdministrator. Run the Remove-AadrmRoleBasedAdministrator cmdlet for each user or group that you want to remove from the list.

Examples

Example 1: Remove administrative rights by using a display name

PS C:\>Remove-AadrmRoleBasedAdministrator -SecurityGroupDisplayName "Finance Employees"

This command removes administrative rights to the Azure Rights Management service for the group that has a display name of "Finance Employees".

Example 2: Remove administrative rights by using an email address

PS C:\>Remove-AadrmRoleBasedAdministrator -EmailAddress "EvanNarvaez@Contoso.com"

This command removes administrative rights to the Azure Rights Management service for the user who has an email address of "EvanNarvaez@Contoso.com".

Parameters

-EmailAddress

Specifies the email address of a user or group to remove administrative rights for the Azure Rights Management service. If the user has no email address, specify the user's Universal Principal Name.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ObjectId

Specifies the GUID of a user or group to remove administrative rights for the Azure Rights Management service.

Type:Guid
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Role

Specifies a role. The cmdlet removes an administrator that belongs to the role that you specify.

The acceptable values for this parameter are:

  • ConnectorAdministrator

  • GlobalAdministrator

If you do not specify a role, the cmdlet removes the administrator from the GlobalAdministrator role.

Type:Role
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-SecurityGroupDisplayName

Specifies the display name of a user or group that should no longer have administrative rights for the Azure Rights Management service.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False